Skip to content

Instantly share code, notes, and snippets.

@firefoxrebo
Created May 30, 2017 13:23
Show Gist options
  • Save firefoxrebo/d535e9ab8b070deef50d0057a2feb0fb to your computer and use it in GitHub Desktop.
Save firefoxrebo/d535e9ab8b070deef50d0057a2feb0fb to your computer and use it in GitHub Desktop.
A Self-signed Certificate Creator For MacOS Running on top of built-in Apache Software
#!/usr/bin/env bash
echo "Enter Apache Virtual Host Name <ex: www.abc.com>:"
read _server_name
# The v3 file will sign a version 3 of the certificate and
# will fix the missing.SubjectAltName problem in Chrome
cat > "/etc/apache2/ssl/v3.ext" << EOF1
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${_server_name}
EOF1
# Make sure that ssl folder exists under the apache root folder on MacOS
sudo mkdir -p /etc/apache2/ssl
sudo openssl genrsa -des3 -out /etc/apache2/ssl/rootCA.key 2048
sudo openssl req -x509 -new -nodes -key /etc/apache2/ssl/rootCA.key -sha256 -days 1024 -out /etc/apache2/ssl/rootCA.pem
sudo openssl req -new -sha256 -nodes -out /etc/apache2/ssl/${_server_name}.csr -newkey rsa:2048 -keyout /etc/apache2/ssl/${_server_name}.key
sudo openssl x509 -req -in /etc/apache2/ssl/${_server_name}.csr -CA /etc/apache2/ssl/rootCA.pem -CAkey /etc/apache2/ssl/rootCA.key -CAcreateserial -out /etc/apache2/ssl/${_server_name}.crt -days 365 -sha256 -extfile /etc/apache2/ssl/v3.ext
# Add the certificate to the keychain <make sure to always trust the certificate after the srcipt finishes
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/${_server_name}.crt
sudo rm /etc/apache2/ssl/rootCA.key
sudo rm /etc/apache2/ssl/rootCA.pem
sudo rm /etc/apache2/ssl/rootCA.srl
sudo rm /etc/apache2/ssl/${_server_name}.csr
sudo rm /etc/apache2/ssl/v3.ext
echo "DONE - Please add your vhosts file snippet for your virtual host and set the certificate to always trust in KeyChain \n"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment